RE: Cobalt Scan

From: Jeroen Wesbeek (duhat_private)
Date: Fri Jul 27 2001 - 00:55:46 PDT

Next message: Keith.Morgan: "Sneaky vuln-scanning, vulnerable list generation"

Previous message: Kelvin: "Re: Network attack from S1 Corporation"
Maybe in reply to: Ryan W. Maple: "Cobalt Scan"
Next in thread: Sven Carstens: "RE: Cobalt Scan"
Reply: Sven Carstens: "RE: Cobalt Scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi there,

After I read this mail I checked our logs and the same thing poped up there:

access_log:195.92.95.61 - - [25/May/2001:19:35:34 +0200] "HEAD
/cobalt-images/welcome2.gif HTTP/1.0" 404 0
access_log:195.92.95.61 - - [24/Jun/2001:03:50:57 +0200] "GET
/cobalt-images/welcome2.gif HTTP/1.0" 404 291
error_log:[Fri May 25 19:35:34 2001] [error] [client 195.92.95.61] File does
not exist: /to/vhost/cobalt-images/welcome2.gif
error_log:[Sun Jun 24 03:50:57 2001] [error] [client 195.92.95.61] File does
not exist: /to/vhost/cobalt-images/welcome2.gif

I noticed the IP adress is (probably) the same and it reverses to:

Name:    ariston.netcraft.com
Address:  195.92.95.61

Appearantly somebody just used netcraft to see more information about your
server :)
So no worries :)


dowebwedo
Jeroen Wesbeek
.programming
Nieuwekade 213 | 3511 RW Utrecht
The Netherlands
p 030 232 63 38 | f  030 234 26 16

[roses are red, violets are blue,
         I am schizophrenic and so am I ]


-----Original Message-----
From: Ryan W. Maple [mailto:ryanat_private]
Sent: donderdag 26 juli 2001 19:04
To: incidentsat_private
Subject: Cobalt Scan



I just got this in one of my access_log's today:

  195.92.95.XX - - [26/Jul/2001:10:25:57 -0400] "HEAD
/cobalt-images/welcome2.gif HTTP/1.0" 404 0

It looks like a scan for a Cobalt box.  I don't have one but I haven't
seen this mentioned here before (probably part of some bigger kit I'd
assume).

Cheers,
Ryan

 +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
   Ryan W. Maple          "I dunno, I dream in Perl sometimes..."  -LW
   Guardian Digital, Inc.                     ryanat_private
 +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Keith.Morgan: "Sneaky vuln-scanning, vulnerable list generation"
Previous message: Kelvin: "Re: Network attack from S1 Corporation"
Maybe in reply to: Ryan W. Maple: "Cobalt Scan"
Next in thread: Sven Carstens: "RE: Cobalt Scan"
Reply: Sven Carstens: "RE: Cobalt Scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 09:19:02 PDT